[cifs-protocol] [MS-DTYP] meaning of sign and base and range in conditional ACE integers

Douglas Bagnall douglas.bagnall at catalyst.net.nz
Thu Dec 22 02:16:58 UTC 2022

hi Dochelp,

In MS-DTYP literal integers are encoded as a 64 bit number, 
followed by a byte for sign and a byte for base. The range of the 
integer is indicated by the token bytecode.

I don't understand how the sign and base are used.

In the example at the bottom of section a negative number is 
encoded with sign 'None' and base 10. What would be different in 
practice if it were encoded with a different base or sign? Would it 
compare differently?

As far as I can tell, the only use of integer literal tokens is in 
binary relational operators. The documentation for these operators 
( says things like

> MUST evaluate to TRUE if the argument on the RHS evaluates to the exact value
> (single or set value) of the argument on the LHS; otherwise, FALSE.

but it doesn't define how the evaluation works with the sign, base, and 

In conventional mathematics octal 03 == decimal 3 == hex 0x03. Does this 
hold for conditional ACE literals?

Also, in many systems, the 16 bit value '123' would equal the 32 bit 
values '123'. Does this hold in conditional ACEs?

And the sign byte -- what is that for? Does -1 with a negative sign not 
equal -1 with a 'none' sign? and can -1 have a positive sign?

Is the base just used for determining how the number is rendered when 
converted into SDDL?


More information about the cifs-protocol mailing list